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DETAILED ACTION 



1. This Office Action is in response to the application filed on January 11, 2002. 

2. Claims 1-23 are presented for examination. Claims 1, 8, 12, 13, and 17 are 
independent claims. 

3. It is noted that applicant has other related application (s), such as copending 
application No. 09/999,881 filed on October 31, 2001. It is requested that any 
related application be referred to in the first sentence of the specification. 
Applicant is also requested to supply the serial numbers of any other related 
applications currently pending before the U.S Patent & Trademark Office. 

4. Figure 1 should be labeled as "prior art" since its details are described in the 
Background of the Invention. 

Claim Rejections - 35 USC § 112 

5. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

6. Claims 1-7, 12, and 17-23 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. 

A. The following terms lack antecedent basis: 



Application/Control Number: 1 0/044,667 Page 3 

Art Unit: 2126 

(i) "said security levels" (claim 1, lines 4-5; claim 12, lines 4- 
5; and claim 17, lines 5-6) 

(ii) "said function" (claim 1, line 6; claim 12, line 6; and claim 
17, line 7) 

(iii) "said multi-level table access" (claim 4, line 7 and claim 
20, line 8) 

B. The claim languages in the following claims are indefinite. 

(i) "a segment" (claim 6, line 6 and claim 22, line 8) 

(ii) "a virtual memory address" (claim 6, line 10 and claim 22, 
line 12) 

7. Dependent claims 2-7 and 18-23 are rejected for fully incorporating the 
deficiencies of their base claims. 



Double Patenting 



8. The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to 
prevent the unjustified or improper timewise extension of the "right to exclude" 
granted by a patent and to prevent possible harassment by multiple assignees. See 
In re Goodman, 1 1 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re LongU 
759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 
214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 
1970); and, In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

9. A timely filed terminal disclaimer in compliance with 37 CFR 1 .321(c) may be 
used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent is shown to 
be commonly owned with this application. See 37 CFR 1.130(b). 
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10. Effective January 1, 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully 
comply with 37 CFR 3.73(b). 

1 1 . Claim 1 is provisionally rejected under the judicially created doctrine of 
obviousness-type double patenting as being unpatentable over claim 1 of 
copending Application No. 09/999,881. Although the conflicting claims are not 
identical, they are not patentably distinct from each other because they are both 
claiming a method, comprising: executing a software object; establishing a 
security level for said software object; performing memory access using at least 
one of said security levels; and executing said function of said object. The only 
difference between the instant application and the copending application is the 
instant application performs a virtual address based memory access and the 
copending application performs a multi-table memory access. It would have been 
obvious to one of ordinary skill in the art at the time the invention was made to 
replace a multi-table memory access in the copending application for a virtual 
address based memory access in the instant application since a virtual address is 
in a multi-table - specifically, in virtual memory access table- and is used to locate 
the desired physical memory for executing the function of the software object. 

12. As to the remaining claims 2-23, they are also rejected under obviousness-type 
double patenting rejection as stated in claim 1 above. 

13. This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 
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Claim Rejections - 35 USC §102 



14. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent granted 
on an application for patent by another filed in the United States before the invention by the applicant 
for patent, except that an international application filed under the treaty defined in section 351(a) shall 
have the effects for purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 21(2) of such 
treaty in the English language. 

15. Claims 1-4, 6-20, 22, and 23 are rejected under 35 U.S.C. 102(e) as being 
anticipated by McKee (US 6,745,307 B2). 

16. As to claim 1 : 

McKee teaches the invention as claimed including a method (e.g., method and 
system for controlling areas of memory within a computer to routines executing at 
a specific privilege level; see the abstract), comprising: 

a. executing a software object (e.g., executing process; col.8, lines 1-5 and 
coll 3, lines 10-13); 

b. establishing a security level for said software object (e.g., specifies the 
privilege level required of an accessing process; col. 8, lines 9-13); 

c. performing a virtual address based memory access (e.g., If an entry in the 
TLB can be found that contains the region identifier contained within the 
region register specified by the region register selector field of the virtual 
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memory address, and that contains the virtual page address specified 
within the virtual memory address, then the processor determines whether 
the virtual memory page described by the virtual memory address can be 
accessed by the currently executing process; col 7, line 62-col.8, line 2) 
using at least one of said security levels (e.g., privilege levels 0, 1, 2, 3, 
and 4; see fig. 7 and the associated text in col. 9, lines 6-35); and 
d. executing said function of said object based upon said virtual address 

based memory access (e.g., the currently executing process may access the 
memory page if the access rights within the TLB entry allow the memory 
page to be accessed by the currently executing process and if the 
protection key within the TLB entry can be found within the protection-key 
registers 534 in association with an access mode that allows the currently 
executing process access to the memory page; col.8, lines 2-8). 

17. As to claim 2: 

McKee teaches using a processor (e.g., the processor; col 7, lines 66-67) to 
process software code of said software object. 

18. As to claim 3: 

McKee teaches assigning a security level relating to a memory access of at least a 
portion of a memory (e.g., memory access is provided only to routines running at 
those privilege levels at which a particular region of memory is intended for 
access; col 13, lines 6-8). 

19. As to claim 4: 
McKee teaches: 
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a. establishing a secondary table (e.g., TLB 514;fig.5); 

b. receiving a memory access request based upon executing of said software 
object (e.g., the application routine makes a system call which promotes 
812 privilege level to privilege level 0; col.9, lines 43-44); 

c. performing said virtual address memory access based upon said memory 
access request using said secondary table (e.g., the TLB can be searched 
for an entry containing a region identifier and virtual memory address 
that match the region identifier contained in the selected region register 
516 and the virtual page address 505; col 7, lines 52-61) and at least one 
virtual memory table (e.g., the virtual page table 602; fig. 6)\ and 

d. accessing a portion of a memory based upon said multi-level table access 
(e.g., access the memory page; col. 8, line 3 and lines 17-23). 

20. As to claim 6: 
McKee teaches: 

a. determining at least one security level that corresponds to a segment in 
said secondary table (e.g., see fig. 7 and the associated text); 

b. verifying a match between an execution security level to a security level 
associated with a segment being accessed in response to an execution of 
said object (e.g., col.8, lines 25-45), 

c. determining a virtual memory address based upon said secondary table in 
response to a match between said execution security level and said 
security level associated with said segment being accessed (col.8, lines 25- 
45); and 
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d. locating a physical memory location corresponding to a virtual memory 
address (e.g., find a memory page in physical memory corresponding to a 
virtual memory address; col.8, lines 47-48). 

21. As to claim 7: 
McKee teaches: 

a. determining a physical address from said virtual memory table (e.g., the 
virtual page table 602 includes a bit field 612 indicating whether or not 
the physical address is valid; col.8, lines 60-62); , 

b. determining a segment being executed based upon said physical address 
(e.g., selects a memory page within physical memory; col. 8, lines 62-66); 
and 

c. defining a current security level (e.g., the current privilege level; col. 9, 
lines 36-67), based upon said determining of said segment being executed. 

22. As to claim 12: 

Note the rejection of claim 1 above. Claim 12 is the same as claim 1, except claim 
12 is an apparatus claim and claim 1 is a method claim. 

23. As to claims 17-20, 22, and 23: 

Note the rejection of claims 1-4, 6, and 7, respectively. Claims 17-20, 22, and 23 
are the same as claims 1-4, 6, and 7, except claims 17-20, 22, and 23 are computer 
readable claims and claims 1-4, 6, and 7 are method claims. 

24. As to claim 13: 

The rejection of claim 1 above is incorporated herein in full. Additionally, 
McKee further teaches a processor (e.g., processor 108; fig. 1), a bus (e.g., 
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internal bus 116; coll, lines 41-42), a memory unit (e.g., memory 110, 112, 114; 
fig. 1), and a memory access interface (e.g., internal bus 117; fig. 1). 

25. As to claim 14: 

McKee teaches said processor comprises at least one microprocessor (e.g., 
microprocessors 124-129; fig. 1). 

26. As to claim 15: 

McKee teaches a virtual memory access table (e.g., the virtual memory table 
602;coL8, line 64) coupled with a secondary table (e.g., TLB 514;fig.5) 9 said 
memory access interface to provide a virtual memory addressing scheme (e.g., the 
virtual memory page described by the virtual memory address; col. 7, line 67- 
col.8, line 1) to access at least one portion of said memory unit based upon a 
security level (e.g., memory access is provided only to routines running at those 
privilege levels at which a particular region of memory is intended for access; 
coll 3, lines 6-8). 

27. As to claim 16: 

McKee teaches said memory unit comprises, among other things, a random access 
memory (e.g., disks; colJ, lines 30-31). 

28. As to claim 8: 

The rejection of claim 1 above is incorporated herein in full. Additionally, 
McKee further teaches: 

a. establishing a secondary table (e.g., TLB 514;fig.5) 
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b. receiving a memory access request based upon said executing of said 
software object (e.g., the application routine makes a system call which 
promotes 812 privilege level to privilege level 0; col.9, lines 43-44); 

c. determining at least one security level (e.g., specifies the privilege; col.9, 
lines 13-14 and fig. 7) that corresponds to a segment (e.g., a memory page; 
col.9, lines 13-14 and fig. 7) based upon a virtual address (e.g., virtual 
page address; col. 8, lines 47-54); and 

d. accessing a portion of a memory based upon said security level and said 
virtual address (e.g., access the memory page; col.8, lines 1-24). 

29. As to claims 9-11: 

They include the same limitations as claims 2, 3, and 7, respectively, and are 
similarly rejected under the same rationale. 

Allowable Subject Matter 

30. Claims 5 and 21 are objected to as being dependent upon a rejected base claim, 
but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Conclusion 

3 1 . The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 
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(i) Barnes et al. (US 6823433) teaches "Memory management system 
and method for providing physical address based memory access 
security." 

(ii) Maruyama (US 6052763) teaches "Multiprocessor system memory 
unit with split bus and method for controlling access to the 
memory unit." 

(iii) Johnson et al. (US 5684948) teaches "Memory management circuit 
which provides simulated privilege levels." 

(iv) Clifton (US 5469556) teaches "Resource access security system 
for controlling access to resources of a data processing system." 

(v) Nolan, Jr. (US 5146575) teaches "Implementing privilege on 
microprocessor systems for use in software asset protection." 

(vi) Mahon et al. (US 4809160) teaches "Privilege level checking 
instruction for implementing a secure hierarchical computer 
system." 

(v) Gilmont et al. "Enhancing security in the memory management 
unit" 1999 IEEE, pp. 1-8. 

(vi) Ozaki et al. "Software fault tolerance in architectures with 
hierarchical protection levels " 1988 IEEE, pp. 30-43. 

32. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to VAN H. NGUYEN whose telephone number is 
(571) 272-3765. The examiner can normally be reached on Monday-Thursday 
from 8:30AM - 6:00PM. The examiner can also be reached on alternative Friday. 
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33. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Meng-Ai An can be reached on (571) 272-3756. 

34. The fax phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

35. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR 
only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Any response to this action should be mailed to: 

Commissioner for patents 



P O Box 1450 

Alexandria, VA 22313-1450 




Van H. 



Nguyen 



